How to use Nmap under Windows and Linux?

Nmap
Nmap

Dernière mise à jour: 14 mai 2024

Nmap is an open source port scanner that can obtain information about a remote computer's operating system. This software is increasingly used by network administrators because it provides very precise information about a network.

Nmap is available under Linux, Windows and Mac OS.

In this article we will see the basic operation of Nmap. Then, we will define the weak points of your network or your machines to avoid unforeseen attacks.

What is the role of Nmap?

The objective of the Nmap scanner is very simple: it allows you to find in a very short time, all open ports on a remote machine. It also allows you to know the type and version of the OS running on the machine.

For example, we can discover thanks to NMAP that a system hosts Windows Server with a certain version. If this version of Windows contains listed vulnerabilities, we can then launch attacks to take control of this machine.

Nmap installation

Public chat Windows

First of all, first download the .EXE Nmap file.
Once the file is recovered, double-click it. The installation wizard opens. Then click successively on NextI agree, Next, Next.

Nmap installation Windows
Nmap installation Windows

Then click install, And then Finish.
At the end of the installation, open thecommand prompt and move to the folder Nmap “C:\Program Files (x86)\Nmap”  with the following commands:

c:
cd “\Program Files (x86)\Nmap”

Nmap-windows
Note that Nmap for Windows now include GUI. If you prefer to use it with the interface, there should be a new icon on your desktop.

However here we will teach you how to use Nmap from the command line. It's quick and more convenient.

On linux

If you are under the Debian-based distributions, the NMAP package is pre-installed and you just have to type the following command:

sudo apt-get install nmap

Then if you use  kali-linux , you will not have to do the installation. It is also already installed on your system.
Finally, if you use distributions based on RPM packages (Redhat, Mandrake, Suse, etc.) then these simple commands usually do the trick:

rpm -vhU https://nmap.org/dist/nmap-7.80-1.x86_64.rpm
rpm -vhU https://nmap.org/dist/zenmap-7.80-1.noarch.rpm
rpm -vhU https://nmap.org/dist/ncat-7.80-1.x86_64.rpm
rpm -vhU https://nmap.org/dist/nping-0.7.80-1.x86_64.rpm

Note that on Linux, you can also use Nmap with a graphical interface thanks to Zenmap.

How to use Nmap?

Identify the operating system of a remote machine

nmap -O 127.0.0.1

Si Nmap cannot identify the version of your OS, we can display a list of systems that could potentially correspond.

nmap -O –osscan-guess 127.0.0.1

Discover machines on a network

If you want to identify all the machines on your network.

nmap -sp 192.168.0.0/10

See the open ports on a machine

Un port scan allows you to see how your machine is seen from the outside, what services are accessible. On the other hand, a port scan allows hacker to see the services running remotely in order to find a fault in one of these services. This way, he can go further in the attack.

nmap127.0.0.1

To scan a specific port. Here is the http port:

nmap –p 80 127.0.0.1

Spoof MAC address

THEMAC address spoofing and the changing a MAC address so that it resembles that of another network card. This technique is called “MAC Spoofing”

nmap –spoof-mac 01:02:03:04:05:06 127.0.0.1
nmap –spoof-mac Cisco 127.0.0.1

See all open TCP ports

nmap –sS 80 127.0.0.1

See all open UDP ports

nmap –sp 80 127.0.0.1

FTP bounce scan

FTP Bounce scanning is supported by the -b option. It allows you to ask an FTP server to scan ports for you. This technique is a bit old but it is still possible to find vulnerable FTP servers.

In my case, I go through my local FTP server which has the address 127.0.0.1 to scan a range ofIP addresses :

nmap -b 127.0.0.1 192.168.0,.0-255

The real usefulness of Nmap for pentesters lies in the combination of the latter with Metasploit Framework to scan one or more machines and automatically launch exploits.

Finally, I strongly encourage you to test Nmap on your network in order to verify that your machines do not present any exploitable flaw.

And if you have other examples of Nmap uses, you can post them in a comment.